Sojobo v1.1 releases: A binary analysis framework

Sojobo – A binary analysis framework

Sojobo is an emulator for the B2R2 framework. It was created to ease the analysis of potentially malicious files. It is developed entirely in .NET, so you don't need to install or compile any external libraries (the project is self-contained).

With Sojobo you can:

Emulate a (32 bit) PE binary

Inspect the memory of the emulated process

Read the process state

Display a disassembly of the executed code

Emulate functions in a managed language (C# or F#)

Sojobo lets you emulate a PE binary (32 bit) and interact with the emulation. It implements a Sandbox class that can be used to emulate a given binary.

Sojobo is intended to be used as a framework for building program analysis utilities. Various sample utilities were also created to show how to use the framework effectively.

Changelog v1.1

Added support to load external libraries

PEB->Ldr is correctly initialized according to the loaded modules

It is now possible to set memory hooks

Implemented a C# binding to ease use of the Sojobo library by C# developers
